Vulnerability Details CVE-2022-27656
The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.8%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Products affected by CVE-2022-27656
- cpe:2.3:a:sap:netweaver_as_abap_kernel:7.22
- cpe:2.3:a:sap:netweaver_as_abap_kernel:7.49
- cpe:2.3:a:sap:netweaver_as_abap_kernel:7.53
- cpe:2.3:a:sap:netweaver_as_abap_kernel:7.77
- cpe:2.3:a:sap:netweaver_as_abap_kernel:7.81
- cpe:2.3:a:sap:netweaver_as_abap_kernel:7.85
- cpe:2.3:a:sap:netweaver_as_abap_kernel:7.86
- cpe:2.3:a:sap:netweaver_as_abap_kernel:7.87
- cpe:2.3:a:sap:netweaver_as_abap_kernel:8.04
- cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.22
- cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.22ext
- cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.49
- cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.53
- cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:8.04
- cpe:2.3:a:sap:webdispatcher:7.22ext
- cpe:2.3:a:sap:webdispatcher:7.49
- cpe:2.3:a:sap:webdispatcher:7.53
- cpe:2.3:a:sap:webdispatcher:7.77
- cpe:2.3:a:sap:webdispatcher:7.81
- cpe:2.3:a:sap:webdispatcher:7.83
- cpe:2.3:a:sap:webdispatcher:7.85